Quickly triage, prioritize, and respond to notable events by understanding the priority of any incident and which hosts were involved. Gain contextual insights about the incident and host and pivot on any incident or host attribute to find additional indicators and related events. Security team members can collaborate and review all activities related to the host and incident in a single location, as well as explore the raw data and view the journal of incident activities.

Asset Investigator

The Asset Investigator allows you to visually correlate activities across devices that employ disparate technologies. You can adjust timeframes and build a story from the events and then either create searches to detect those events or share the story with a team member.

Threat Activity

The Threat Activity dashboard provides direct access to events that correlate to all threat intelligence sources: third-party subscriptions, law enforcement, internal and shared sources. It provides insights into the trends, activities, users, and host event information associated with threat intelligence. Utilize threat intelligence as the starting point of your workflow, or use threat intelligence across various aspects of monitoring, reporting and investigation.

Investigative Tools

The Investigation Workbench streamlines incident investigation and accelerates incident response by displaying relevant data and information regarding one or more notable events that represent a potential security threat, all in one workflow. The Investigation capability of Splunk Enterprise Security enables you to focus on tracking attack activities while the system tracks your searches, activities and notes taken throughout the investigation. Add relevant events, activities and notes to the Attack & Investigation Timeline to visualize and more clearly understand the attack details, as well as the sequential relationship between various events, and as a result more quickly determine the appropriate next steps.

Protocol Intelligence

Protocol Intelligence provides fast access to wire data and includes dashboards for the most important fields in the most common protocols that are provided by the Splunk App for Stream or provided by network forensics tools. Pre-built reports that use key fields extracted from wire data simplify profiling to spot unusual activity. Protocol Intelligence also applies threat intelligence to email envelopes, DNS queries and responses, and SSL certificates to accelerate incident response and detection.

Glass Tables

Glass Tables allow custom visualizations that can reflect your topology, your workflows, and your detect-investigate-respond sequences. Use dashboards and summary views with relevant context to suit your needs. You can create glass tables from more than 100 Security Metrics, including notables.

Adaptive Response

Adaptive Response improves operational efficiency and optimizes threat detection and remediation using workflow-based context with automated and human-assisted decisions. Analysts can automate actions or individually review response actions so that they can quickly gather more context or take appropriate actions across a multi-vendor security ecosystem.

Real-Time Security Needs Real-Time Answers

Splunk Enterprise Security (ES) is a solution that gives you what you need to quickly detect and respond to internal and external attacks. Simplify threat management while minimizing risk and safeguarding your business. Splunk ES streamlines all aspects of security operations and is suitable for organizations of all sizes and expertise. Splunk ES is a SIEM that provides insight into machine data generated from security technologies such as network, endpoint, access, malware, vulnerability and identity information.

With Splunk as our SIEM solution, it's easy to get data in and get results out quickly. Splunk Enterprise Security gives us immediate, actionable, meaningful security intelligence that we simply did not have before.

What is Enterprise Security?

Splunk Enterprise Security runs on top of Splunk® Enterprise or Splunk Cloud. It provides an analytics-driven security information and event management solution that can be deployed as software, as a cloud service, in a public or private cloud, or in a hybrid software-cloud deployment.

Operationalize Threat Intelligence

Multiple threat intelligence sources can be aggregated, de-duplicated and assigned weights so a wide range of Indicators of Compromise (IOCs) can be used for all aspects of monitoring, alerting, reporting, investigation and forensic analysis.
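As an added illustration (example code, not Splunk ES's own implementation), the aggregate, de-duplicate and weight pipeline described above in plain Python: feeds are normalized so the same IOC from two sources collapses into one record, each record carries a confidence weight, and constructed DNS and proxy log lines are then matched against the merged set. Feed names, source weights, indicators and log lines are all constructed for the example.

```python
# Added example: merge IOC feeds, de-duplicate, assign weights, match against logs.
# All feeds, weights, indicators and log lines below are constructed, not real data.

FEEDS = {  # source -> list of (raw indicator, indicator type)
    "vendor_feed":   [("Evil-Domain.example ", "domain"), ("203.0.113.7", "ip")],
    "isac_sharing":  [("evil-domain.example", "domain"), ("198.51.100.22", "ip")],
    "internal_list": [("203.0.113.7", "ip")],
}
SOURCE_WEIGHT = {"vendor_feed": 40, "isac_sharing": 60, "internal_list": 80}

def normalize(indicator, kind):
    # Canonical form so the same IOC seen in two feeds de-duplicates to one entry.
    value = indicator.strip()
    return value.lower().rstrip(".") if kind == "domain" else value

def build_iocs(feeds, weights):
    iocs = {}  # normalized indicator -> {"type", "sources", "weight"}
    for source, entries in feeds.items():
        for raw, kind in entries:
            key = normalize(raw, kind)
            rec = iocs.setdefault(key, {"type": kind, "sources": set(), "weight": 0})
            rec["sources"].add(source)
            # Weight: most trusted contributing source, plus 5 per corroborating source.
            best = max(weights[s] for s in rec["sources"])
            rec["weight"] = best + 5 * (len(rec["sources"]) - 1)
    return iocs

# Constructed key=value log lines, one DNS query and two web-proxy events.
LOGS = [
    "sourcetype=dns query=EVIL-DOMAIN.example. src=10.0.0.5",
    "sourcetype=proxy dest_ip=203.0.113.7 src=10.0.0.9 action=allowed",
    "sourcetype=proxy dest_ip=192.0.2.1 src=10.0.0.9 action=allowed",
]
FIELD_TYPE = {"query": "domain", "dest_ip": "ip"}  # which log fields to check as which IOC type

def match_logs(logs, iocs):
    hits = []
    for line in logs:
        fields = dict(kv.split("=", 1) for kv in line.split())
        for field, kind in FIELD_TYPE.items():
            if field in fields:
                key = normalize(fields[field], kind)
                if key in iocs:
                    hits.append({"src": fields["src"], "indicator": key,
                                 "weight": iocs[key]["weight"],
                                 "sources": sorted(iocs[key]["sources"])})
    # Highest-weight hits first, so the analyst triages the most corroborated IOC first.
    return sorted(hits, key=lambda h: -h["weight"])
```

Corroboration raises the weight, so the IP seen in both the vendor feed and the internal list outranks the domain confirmed only by the vendor and sharing feeds.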

Monitor in Real Time

Optimize Incident Response

Streamline investigations of dynamic, multi-step attacks with the ability to visualize and compare notable events, and therefore more clearly understand the attack details, as well as the sequential relationship between various events to quickly determine the appropriate next steps.

Improve Operational Efficiency

Customers can improve investigation and remediation times by automating decisions or by using human-assisted decisions with full context from Adaptive Response.